I finally figured out why I haven't been able to successfully FTP from Safari the last couple of weeks. Apparently, the latest version seems to require that "Passive FTP" be enabled in order to function correctly. I had shut it off because some (IM/Chat) ports on the Linksys at work were disabled, and it made getting an FTP connection kind of a lottery situation sometimes.

In any case, if you're having trouble connecting to any FTP, you might go to the Network Pane of System Preferences, switch to the Proxies tab and make sure that "Use Passive FTP Mode" is checked. This did the trick for me. YMMV, naturally.

[robg adds: Safari seems to work fine for me with Passive mode disabled or enabled, but perhaps this will help someone who's having an issue with Safari FTP...]

While we're talking problems with Safari, note that I've found
Safari doesn't honor both the host AND the port of proxies. So
https: links will be redirected to the specified proxy, but will still
go to the https port and not the port you set.

This makes https links in Safari unusable from work for me. I
use Camino instead, which does honor both host and port proxy
settings.

Ftp uses the standard port of 21.
Passive Mode should only be used if the user is connecting to a
NONstandard ftp port while BEHIND a firewall.

If you are not behind a firewall, you can connect to anyport
you'd like all day long with FTP. BUT if you are behind a firewall
and you try to connect to port 2048, or anything OTHER than 21,
with ftp, you won't recieve any data from the server.

If you are connecting to port 21 and you are behind a firewall,
turn off passive mode. If you are using passive mode and you
are connecting to port 21 while behind a firewall, it won't work,
just as connecting to port 2134 while behind a firewall won't
work withOUT passive mode.

I am behind a symantec 200r firewall (Nexland OEM) and cannot connect to any NT FTP servers at all, whether passive is checked or not. Actually, I can connect, but cannot do anything else - dir or "get" just hangs. I have a feeling the NT Server is passing back the port number to use in a packet and OSX can't track the packet properly behind the NAT - anyone else having this problem? All the windows and linux machines behind the firewall connect and work just fine, BTW.

-Rick Mills
rick@jpusa.org

---
There are 10 types of people in the world; those who understand binary, and those who don't.

Actually that's a little misleading. The control port isn't usually a big deal, unless the nonstandard port is blocked on the client's firewall.

FTP works on two TCP connections. A long-running control connection (usually to port 21 on the server) and a per-file data connection.

Normally, the FTP client opens a listening port on the client machine ("inbound" port, server port) and tells the server about it. If you use the old command-line FTP program, you'll have seen messages like "PORT command successful"--PORT is the command that tells the server the IP and port to contact (i.e., where on the local machine).

If you are behind a masquerading or NAT-ing firewall ("internet sharing router"), the PORT command will have the IP address from the internal network, which hopefully isn't routable. (e.g., PORT 10.0.0.1.27866 won't work.)

Passive mode means the SERVER opens a second listening port, just for that one client, and the client opens a second outbound connection to it. Instead of issuing the PORT command, the client issues the PASV command; the server's response tells the client the IP and port to use. It's called passive because the server just sits there and waits, it doesn't initiate the connection like "classic" FTP's PORT command.

PASV won't work if the SERVER is behind a firewall which forwards the control connection (port 21) through.

To get PORT to work on a firewalled client, the firewall has to be aware of the FTP protocol, as it has to re-write the control commands to correct the addresses, and forward the appropriate inbound connections. Same thing for PASV on a firewalled server.

If you have a firewalled client and a firewalled server, without special FTP support in the firewalls, you can't do FTP between those machines, neither PASV nor PORT will work.

Hmmmmm. I wonder where the problem is, then. If I start a command line ftp from windoze and connect to an ACTIVE server (which I think NT ftp servers are), everything works behind the firewall. I I do the same thing from linux, everything works fine. If I connect from OS/9, everythinf works fine. If I connect from OSX, it connects, but nothing works (just hangs). If the firewall isn't translating the packets properly, why does ftp work from all the other clients?

Confused.....

---
There are 10 types of people in the world; those who understand binary, and those who don't.

I have the same problem...when I type in an FTP address into Safari, it just redirects it to IE (bleh!). On my other computer, it works fine (opens in Finder) and it used to work on this one, but some preference must have been changed. Any help would be appreciated!

Clicking on ftp-links in Safari 1.2 on my machine opens a new window and that was all (no difference with or without passive transfer mode set as expected).
My solution: I remembered the MoreInternet Preference Pane from

http://www.monkeyfood.com/software/MoreInternet/

it's a great freeware. For the ftp-protocol there was an formerly used and recently deleted app mentioned. I just set up a new entry for ftp and without any question the old entry was overwritten by a new one with the Finder as application.